Use cipher_default_* PRAGMAs when attaching an encrypted database

When attaching an SQLCipher encrypted database we need to set the page size, KDF iterations, and HMAC and KDF algorithms. This needs to be done before actually attaching the database but we tried to do it afterwards which silently fails until the first statement is executed on the attached database. This commit modifies the "default" values for these pragmas in order to make sure SQLCipher uses the correct values right at the beginning. See issue #1799.
sqlitebrowser · Mar 30, 2019 · b8faa05 · b8faa05
1 parent d1ed6ab
commit b8faa05
Showing 1 changed file with 13 additions and 11 deletions.
diff --git a/src/sqlitedb.cpp b/src/sqlitedb.cpp
@@ -233,37 +233,39 @@ bool DBBrowserDB::attach(const QString& filePath, QString attach_as)
     else
         key = "KEY ''";
 
-    if(!executeSQL(QString("ATTACH '%1' AS %2 %3").arg(filePath).arg(sqlb::escapeIdentifier(attach_as)).arg(key), false))
-    {
-        QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
-        return false;
-    }
-
     // Only apply cipher settings if the database is encrypted
     if(cipherSettings && is_encrypted)
     {
-        if(!executeSQL(QString("PRAGMA %1.cipher_page_size = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getPageSize()), false))
+        if(!executeSQL(QString("PRAGMA cipher_default_page_size = %1").arg(cipherSettings->getPageSize()), false))
         {
             QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
             return false;
         }
-        if(!executeSQL(QString("PRAGMA %1.kdf_iter = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getKdfIterations()), false))
+        if(!executeSQL(QString("PRAGMA cipher_default_kdf_iter = %1").arg(cipherSettings->getKdfIterations()), false))
         {
             QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
             return false;
         }
-        if(!executeSQL(QString("PRAGMA %1.cipher_hmac_algorithm = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getHmacAlgorithm()), false))
+        if(!executeSQL(QString("PRAGMA cipher_hmac_algorithm = %1").arg(cipherSettings->getHmacAlgorithm()), false))
         {
             QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
             return false;
         }
-        if(!executeSQL(QString("PRAGMA %1.cipher_kdf_algorithm = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getKdfAlgorithm()), false))
+        if(!executeSQL(QString("PRAGMA cipher_kdf_algorithm = %1").arg(cipherSettings->getKdfAlgorithm()), false))
         {
             QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
             return false;
         }
-        delete cipherSettings;
     }
+
+    if(!executeSQL(QString("ATTACH '%1' AS %2 %3").arg(filePath).arg(sqlb::escapeIdentifier(attach_as)).arg(key), false))
+    {
+        QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
+        return false;
+    }
+
+    // Clean up cipher settings
+    delete cipherSettings;
 #else
     // Attach database
     if(!executeSQL(QString("ATTACH '%1' AS %2").arg(filePath).arg(sqlb::escapeIdentifier(attach_as)), false))